On our servers, we host a large number of Wordpress sites. For security reasons, I like to block access to the xmlrpc.php file. I do this by adding something like this to the .htaccess file for a site:
RewriteRule ^xmlrpc\.php - [F,L,NC]
While this functions, it is very inconvenient for an administrator for 2 reasons:
- It must be added to each site’s .htaccess file independently
- There is a risk that my customer will edit the htaccess file and remove or modify the rule I have added
What I am really seeking is a way to “include” a configuration file into httpd_config.conf. The included file would contain this rewrite rule as well as others I want applied to all sites on our servers such as the 7G Firewall rules.
If I can include a file at the server-level then I solve both the issues I have today:
- I do not have to edit every site’s htaccess independently
- It cannot be removed or edited by a user
cPanel already has the ability to include a server-wide conf file. I think it would be great if cyberpanel had this ability too.